[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-security] Re: Fw: [SECURITY] Remote exploit for 32-bit Apache HTTP Server known

Subject: [cobalt-security] Re: Fw: [SECURITY] Remote exploit for 32-bit Apache HTTP Server known
From: Chris Adams <cmadams@xxxxxxxxxx>
Date: Fri, 21 Jun 2002 21:54:20 -0500
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Once upon a time, Tom Worley <raq@xxxxxxxxxxxx> said:
> What is even more worrying is that the admserv (at least on raq3/4) is run as 
> root, so if a raq3/4 (and probably all the other cobalt servers) were 
> attacked on the admin server they would have root access.....

Just FYI (not defending Sun's inaction): the analysis appears to show
that glibc based platforms (i.e. Linux) are probably not vulnerable to
remote exploits, only denial of service.  It appears that the OpenBSD
and FreeBSD libraries are vulnerable however.

-- 
Chris Adams <cmadams@xxxxxxxxxx>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.

Follow-Ups:
- Re: [cobalt-security] Re: Fw: [SECURITY] Remote exploit for 32-bit Apache HTTP Server known
  - From: Tom Worley

References:
- Re: [cobalt-security] Fw: [SECURITY] Remote exploit for 32-bit Apache HTTP Server known
  - From: njd 76
- Re: [cobalt-security] Fw: [SECURITY] Remote exploit for 32-bit Apache HTTP Server known
  - From: Tom Worley

Prev by Date: Re: [cobalt-security] Fw: [SECURITY] Remote exploit for 32-bit Apache HTTP Server known
Next by Date: Re: [cobalt-security] Weird process running
Previous by thread: Re: [cobalt-security] Fw: [SECURITY] Remote exploit for 32-bit Apache HTTP Server known
Next by thread: Re: [cobalt-security] Re: Fw: [SECURITY] Remote exploit for 32-bit Apache HTTP Server known

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index